What Happens When - more than you ever wanted to know about "what happens when you type 'google.com' into your browser and hit enter". Overkill? Certainly - but a great example that there is always a deeper level of knowledge to which one can go.

Along with some useful finds:

CapTipper: Malicious HTTP traffic explorer tool. Point it at a PCAP or live traffic and easily pull out hosts, conversations, downloaded files, etc.

Advanced Nmap: Scanning Firewalls: this article walks through scanning a live firewall with Nmap, analyzing the results, and using that information to fine-tune (tighten) firewall rules.

VirusTotal Tools: two Python scripts written by Didier Stevens. The first accepts a file containing a list of hashes and returns a CSV file with details on whether any of them have been submitted before; the second extracts a malware sample from a password-protected ZIP and submits it to VirusTotal, without ever writing the sample to disk.

Hacking MIPS whitepaper: great resource on building an emulation lab for researching MIPS-based *nix OSes (many wireless routers run on MIPS architecture).

Lenny Zeltser's Blocklists: A list of sites providing blocklists of known malicious websites - great for blocking unintended browsing to malicious sites, as well as for research and testing. If you choose to use these for anything other than blocking, be sure you know what you are doing.

Many ways of malware persistence - blog post at Jump ESP Jump with a concise summary of common ways malware can ensure its continued existence on a compromised host.